Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

VBoxExtPackHelperApp.cpp

Last change on this file was 98281, checked in by vboxsync, 15 months ago
Main/src-helper-apps: rc -> hrc/vrc. Make scm check this dir now. bugref:10223
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 74.5 KB

Line
1	/* $Id: VBoxExtPackHelperApp.cpp 98281 2023-01-24 12:15:49Z vboxsync $ */
2	/** @file
3	* VirtualBox Main - Extension Pack Helper Application, usually set-uid-to-root.
4	*/
5
6	/*
7	* Copyright (C) 2010-2023 Oracle and/or its affiliates.
8	*
9	* This file is part of VirtualBox base platform packages, as
10	* available from https://www.virtualbox.org.
11	*
12	* This program is free software; you can redistribute it and/or
13	* modify it under the terms of the GNU General Public License
14	* as published by the Free Software Foundation, in version 3 of the
15	* License.
16	*
17	* This program is distributed in the hope that it will be useful, but
18	* WITHOUT ANY WARRANTY; without even the implied warranty of
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20	* General Public License for more details.
21	*
22	* You should have received a copy of the GNU General Public License
23	* along with this program; if not, see <https://www.gnu.org/licenses>.
24	*
25	* SPDX-License-Identifier: GPL-3.0-only
26	*/
27
28
29	/*********************************************************************************************************************************
30	* Header Files *
31	*********************************************************************************************************************************/
32	#include "../include/ExtPackUtil.h"
33
34	#include <iprt/buildconfig.h>
35	#include <iprt/dir.h>
36	#include <iprt/env.h>
37	#include <iprt/file.h>
38	#include <iprt/fs.h>
39	#include <iprt/getopt.h>
40	#include <iprt/initterm.h>
41	#include <iprt/manifest.h>
42	#include <iprt/message.h>
43	#include <iprt/param.h>
44	#include <iprt/path.h>
45	#include <iprt/process.h>
46	#include <iprt/sha.h>
47	#include <iprt/string.h>
48	#include <iprt/stream.h>
49	#include <iprt/thread.h>
50	#include <iprt/utf16.h>
51	#include <iprt/vfs.h>
52	#include <iprt/zip.h>
53	#include <iprt/cpp/ministring.h>
54
55	#include <VBox/log.h>
56	#include <VBox/err.h>
57	#include <VBox/sup.h>
58	#include <VBox/version.h>
59
60	#ifdef RT_OS_WINDOWS
61	# define _WIN32_WINNT 0x0501
62	# include <iprt/win/windows.h> /* ShellExecuteEx, ++ */
63	# include <iprt/win/objbase.h> /* CoInitializeEx */
64	# ifdef DEBUG
65	# include <Sddl.h>
66	# endif
67	#endif
68
69	#ifdef RT_OS_DARWIN
70	# include <Security/Authorization.h>
71	# include <Security/AuthorizationTags.h>
72	# include <CoreFoundation/CoreFoundation.h>
73	#endif
74
75	#if !defined(RT_OS_OS2)
76	# include <stdio.h>
77	# include <errno.h>
78	# if !defined(RT_OS_WINDOWS)
79	# include <sys/types.h>
80	# include <unistd.h> /* geteuid */
81	# endif
82	#endif
83
84
85	/*********************************************************************************************************************************
86	* Defined Constants And Macros *
87	*********************************************************************************************************************************/
88	/** Enable elevation on Windows and Darwin. */
89	#if !defined(RT_OS_OS2) \|\| defined(DOXYGEN_RUNNING)
90	# define WITH_ELEVATION
91	#endif
92
93
94	/** @name Command and option names
95	* @{ */
96	#define CMD_INSTALL 1000
97	#define CMD_UNINSTALL 1001
98	#define CMD_CLEANUP 1002
99	#ifdef WITH_ELEVATION
100	# define OPT_ELEVATED 1090
101	# define OPT_STDOUT 1091
102	# define OPT_STDERR 1092
103	#endif
104	#define OPT_DISP_INFO_HACK 1093
105	/** @} */
106
107
108	/*********************************************************************************************************************************
109	* Global Variables *
110	*********************************************************************************************************************************/
111	#ifdef RT_OS_WINDOWS
112	static HINSTANCE g_hInstance;
113	#endif
114
115	#ifdef IN_RT_R3
116	/* Override RTAssertShouldPanic to prevent gdb process creation. */
117	RTDECL(bool) RTAssertShouldPanic(void)
118	{
119	return true;
120	}
121	#endif
122
123
124
125	/**
126	* Handle the special standard options when these are specified after the
127	* command.
128	*
129	* @param ch The option character.
130	*/
131	static RTEXITCODE DoStandardOption(int ch)
132	{
133	switch (ch)
134	{
135	case 'h':
136	{
137	RTMsgInfo(VBOX_PRODUCT " Extension Pack Helper App\n"
138	"Copyright (C) " VBOX_C_YEAR " " VBOX_VENDOR "\n"
139	"\n"
140	"This NOT intended for general use, please use VBoxManage instead\n"
141	"or call the IExtPackManager API directly.\n"
142	"\n"
143	"Usage: %s <command> [options]\n"
144	"Commands:\n"
145	" install --base-dir <dir> --cert-dir <dir> --name <name> \\\n"
146	" --tarball <tarball> --tarball-fd <fd>\n"
147	" uninstall --base-dir <dir> --name <name>\n"
148	" cleanup --base-dir <dir>\n"
149	, RTProcShortName());
150	return RTEXITCODE_SUCCESS;
151	}
152
153	case 'V':
154	RTPrintf("%sr%d\n", VBOX_VERSION_STRING, RTBldCfgRevision());
155	return RTEXITCODE_SUCCESS;
156
157	default:
158	AssertFailedReturn(RTEXITCODE_FAILURE);
159	}
160	}
161
162
163	/**
164	* Checks if the cerficiate directory is valid.
165	*
166	* @returns true if it is valid, false if it isn't.
167	* @param pszCertDir The certificate directory to validate.
168	*/
169	static bool IsValidCertificateDir(const char *pszCertDir)
170	{
171	/*
172	* Just be darn strict for now.
173	*/
174	char szCorrect[RTPATH_MAX];
175	int vrc = RTPathAppPrivateNoArch(szCorrect, sizeof(szCorrect));
176	if (RT_FAILURE(vrc))
177	return false;
178	vrc = RTPathAppend(szCorrect, sizeof(szCorrect), VBOX_EXTPACK_CERT_DIR);
179	if (RT_FAILURE(vrc))
180	return false;
181
182	return RTPathCompare(szCorrect, pszCertDir) == 0;
183	}
184
185
186	/**
187	* Checks if the base directory is valid.
188	*
189	* @returns true if it is valid, false if it isn't.
190	* @param pszBaesDir The base directory to validate.
191	*/
192	static bool IsValidBaseDir(const char *pszBaseDir)
193	{
194	/*
195	* Just be darn strict for now.
196	*/
197	char szCorrect[RTPATH_MAX];
198	int vrc = RTPathAppPrivateArchTop(szCorrect, sizeof(szCorrect));
199	if (RT_FAILURE(vrc))
200	return false;
201	vrc = RTPathAppend(szCorrect, sizeof(szCorrect), VBOX_EXTPACK_INSTALL_DIR);
202	if (RT_FAILURE(vrc))
203	return false;
204
205	return RTPathCompare(szCorrect, pszBaseDir) == 0;
206	}
207
208
209	/**
210	* Cleans up a temporary extension pack directory.
211	*
212	* This is used by 'uninstall', 'cleanup' and in the failure path of 'install'.
213	*
214	* @returns The program exit code.
215	* @param pszDir The directory to clean up. The caller is
216	* responsible for making sure this is valid.
217	* @param fTemporary Whether this is a temporary install directory or
218	* not.
219	*/
220	static RTEXITCODE RemoveExtPackDir(const char *pszDir, bool fTemporary)
221	{
222	/** @todo May have to undo 555 modes here later. */
223	int vrc = RTDirRemoveRecursive(pszDir, RTDIRRMREC_F_CONTENT_AND_DIR);
224	if (RT_FAILURE(vrc))
225	return RTMsgErrorExit(RTEXITCODE_FAILURE,
226	"Failed to delete the %sextension pack directory: %Rrc ('%s')",
227	fTemporary ? "temporary " : "", vrc, pszDir);
228	return RTEXITCODE_SUCCESS;
229	}
230
231
232	/**
233	* Wrapper around RTDirRename that may retry the operation for up to 15 seconds
234	* on windows to deal with AV software.
235	*/
236	static int CommonDirRenameWrapper(const char pszSrc, const char pszDst, uint32_t fFlags)
237	{
238	#ifdef RT_OS_WINDOWS
239	uint64_t nsNow = RTTimeNanoTS();
240	for (;;)
241	{
242	int vrc = RTDirRename(pszSrc, pszDst, fFlags);
243	if ( ( vrc != VERR_ACCESS_DENIED
244	&& vrc != VERR_SHARING_VIOLATION)
245	\|\| RTTimeNanoTS() - nsNow > RT_NS_15SEC)
246	return vrc;
247	RTThreadSleep(128);
248	}
249	#else
250	return RTDirRename(pszSrc, pszDst, fFlags);
251	#endif
252	}
253
254	/**
255	* Common uninstall worker used by both uninstall and install --replace.
256	*
257	* @returns success or failure, message displayed on failure.
258	* @param pszExtPackDir The extension pack directory name.
259	*/
260	static RTEXITCODE CommonUninstallWorker(const char *pszExtPackDir)
261	{
262	/* Rename the extension pack directory before deleting it to prevent new
263	VM processes from picking it up. */
264	char szExtPackUnInstDir[RTPATH_MAX];
265	int vrc = RTStrCopy(szExtPackUnInstDir, sizeof(szExtPackUnInstDir), pszExtPackDir);
266	if (RT_SUCCESS(vrc))
267	vrc = RTStrCat(szExtPackUnInstDir, sizeof(szExtPackUnInstDir), "-_-uninst");
268	if (RT_FAILURE(vrc))
269	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to construct temporary extension pack path: %Rrc", vrc);
270
271	vrc = CommonDirRenameWrapper(pszExtPackDir, szExtPackUnInstDir, RTPATHRENAME_FLAGS_NO_REPLACE);
272	if (vrc == VERR_ALREADY_EXISTS)
273	{
274	/* Automatic cleanup and try again. It's in theory possible that we're
275	racing another cleanup operation here, so just ignore errors and try
276	again. (There is no installation race due to the exclusive temporary
277	installation directory.) */
278	RemoveExtPackDir(szExtPackUnInstDir, false /fTemporary/);
279	vrc = CommonDirRenameWrapper(pszExtPackDir, szExtPackUnInstDir, RTPATHRENAME_FLAGS_NO_REPLACE);
280	}
281	if (RT_FAILURE(vrc))
282	return RTMsgErrorExit(RTEXITCODE_FAILURE,
283	"Failed to rename the extension pack directory: %Rrc\n"
284	"If the problem persists, try running the command: VBoxManage extpack cleanup", vrc);
285
286	/* Recursively delete the directory content. */
287	return RemoveExtPackDir(szExtPackUnInstDir, false /fTemporary/);
288	}
289
290
291	/**
292	* Wrapper around VBoxExtPackOpenTarFss.
293	*
294	* @returns success or failure, message displayed on failure.
295	* @param hTarballFile The handle to the tarball file.
296	* @param phTarFss Where to return the filesystem stream handle.
297	*/
298	static RTEXITCODE OpenTarFss(RTFILE hTarballFile, PRTVFSFSSTREAM phTarFss)
299	{
300	char szError[8192];
301	int vrc = VBoxExtPackOpenTarFss(hTarballFile, szError, sizeof(szError), phTarFss, NULL);
302	if (RT_FAILURE(vrc))
303	{
304	Assert(szError[0]);
305	return RTMsgErrorExit(RTEXITCODE_FAILURE, "%s", szError);
306	}
307	Assert(!szError[0]);
308	return RTEXITCODE_SUCCESS;
309	}
310
311
312	/**
313	* Sets the permissions of the temporary extension pack directory just before
314	* renaming it.
315	*
316	* By default the temporary directory is only accessible by root, this function
317	* will make it world readable and browseable.
318	*
319	* @returns The program exit code.
320	* @param pszDir The temporary extension pack directory.
321	*/
322	static RTEXITCODE SetExtPackPermissions(const char *pszDir)
323	{
324	RTMsgInfo("Setting permissions...");
325	#if !defined(RT_OS_WINDOWS)
326	int vrc = RTPathSetMode(pszDir, 0755);
327	if (RT_FAILURE(vrc))
328	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to set directory permissions: %Rrc ('%s')", vrc, pszDir);
329	#else
330	/** @todo TrustedInstaller? */
331	RT_NOREF1(pszDir);
332	#endif
333
334	return RTEXITCODE_SUCCESS;
335	}
336
337
338	/**
339	* Wrapper around VBoxExtPackValidateMember.
340	*
341	* @returns Program exit code, failure with message.
342	* @param pszName The name of the directory.
343	* @param enmType The object type.
344	* @param hVfsObj The VFS object.
345	*/
346	static RTEXITCODE ValidateMemberOfExtPack(const char *pszName, RTVFSOBJTYPE enmType, RTVFSOBJ hVfsObj)
347	{
348	char szError[8192];
349	int vrc = VBoxExtPackValidateMember(pszName, enmType, hVfsObj, szError, sizeof(szError));
350	if (RT_FAILURE(vrc))
351	{
352	Assert(szError[0]);
353	return RTMsgErrorExit(RTEXITCODE_FAILURE, "%s", szError);
354	}
355	Assert(!szError[0]);
356	return RTEXITCODE_SUCCESS;
357	}
358
359
360	/**
361	* Validates the extension pack tarball prior to unpacking.
362	*
363	* Operations performed:
364	* - Hardening checks.
365	*
366	* @returns The program exit code.
367	* @param pszDir The directory where the extension pack has been
368	* unpacked.
369	* @param pszExtPackName The expected extension pack name.
370	* @param pszTarball The name of the tarball in case we have to
371	* complain about something.
372	*/
373	static RTEXITCODE ValidateUnpackedExtPack(const char pszDir, const char pszTarball, const char *pszExtPackName)
374	{
375	RT_NOREF2(pszTarball, pszExtPackName);
376	RTMsgInfo("Validating unpacked extension pack...");
377
378	RTERRINFOSTATIC ErrInfo;
379	RTErrInfoInitStatic(&ErrInfo);
380	int vrc = SUPR3HardenedVerifyDir(pszDir, true /fRecursive/, true /fCheckFiles/, &ErrInfo.Core);
381	if (RT_FAILURE(vrc))
382	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Hardening check failed with %Rrc: %s", vrc, ErrInfo.Core.pszMsg);
383	return RTEXITCODE_SUCCESS;
384	}
385
386
387	/**
388	* Unpacks a directory from an extension pack tarball.
389	*
390	* @returns Program exit code, failure with message.
391	* @param pszDstDirName The name of the unpacked directory.
392	* @param hVfsObj The source object for the directory.
393	*/
394	static RTEXITCODE UnpackExtPackDir(const char *pszDstDirName, RTVFSOBJ hVfsObj)
395	{
396	/*
397	* Get the mode mask before creating the directory.
398	*/
399	RTFSOBJINFO ObjInfo;
400	int vrc = RTVfsObjQueryInfo(hVfsObj, &ObjInfo, RTFSOBJATTRADD_NOTHING);
401	if (RT_FAILURE(vrc))
402	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTVfsObjQueryInfo failed on '%s': %Rrc", pszDstDirName, vrc);
403	ObjInfo.Attr.fMode &= ~(RTFS_UNIX_IWOTH \| RTFS_UNIX_IWGRP);
404
405	vrc = RTDirCreate(pszDstDirName, ObjInfo.Attr.fMode, 0);
406	if (RT_FAILURE(vrc))
407	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to create directory '%s': %Rrc", pszDstDirName, vrc);
408
409	#ifndef RT_OS_WINDOWS
410	/*
411	* Because of umask, we have to apply the mode again.
412	*/
413	vrc = RTPathSetMode(pszDstDirName, ObjInfo.Attr.fMode);
414	if (RT_FAILURE(vrc))
415	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to set directory permissions on '%s': %Rrc", pszDstDirName, vrc);
416	#else
417	/** @todo Ownership tricks on windows? */
418	#endif
419	return RTEXITCODE_SUCCESS;
420	}
421
422
423	/**
424	* Unpacks a file from an extension pack tarball.
425	*
426	* @returns Program exit code, failure with message.
427	* @param pszName The name in the tarball.
428	* @param pszDstFilename The name of the unpacked file.
429	* @param hVfsIosSrc The source stream for the file.
430	* @param hUnpackManifest The manifest to add the file digest to.
431	*/
432	static RTEXITCODE UnpackExtPackFile(const char pszName, const char pszDstFilename,
433	RTVFSIOSTREAM hVfsIosSrc, RTMANIFEST hUnpackManifest)
434	{
435	/*
436	* Query the object info, we'll need it for buffer sizing as well as
437	* setting the file mode.
438	*/
439	RTFSOBJINFO ObjInfo;
440	int vrc = RTVfsIoStrmQueryInfo(hVfsIosSrc, &ObjInfo, RTFSOBJATTRADD_NOTHING);
441	if (RT_FAILURE(vrc))
442	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTVfsIoStrmQueryInfo failed with %Rrc on '%s'", vrc, pszDstFilename);
443
444	/*
445	* Create the file.
446	*/
447	uint32_t fFlags = RTFILE_O_WRITE \| RTFILE_O_DENY_ALL \| RTFILE_O_CREATE \| (0600 << RTFILE_O_CREATE_MODE_SHIFT);
448	RTFILE hFile;
449	vrc = RTFileOpen(&hFile, pszDstFilename, fFlags);
450	if (RT_FAILURE(vrc))
451	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to create '%s': %Rrc", pszDstFilename, vrc);
452
453	/*
454	* Create a I/O stream for the destination file, stack a manifest entry
455	* creator on top of it.
456	*/
457	RTVFSIOSTREAM hVfsIosDst2;
458	vrc = RTVfsIoStrmFromRTFile(hFile, fFlags, true /fLeaveOpen/, &hVfsIosDst2);
459	if (RT_SUCCESS(vrc))
460	{
461	RTVFSIOSTREAM hVfsIosDst;
462	vrc = RTManifestEntryAddPassthruIoStream(hUnpackManifest, hVfsIosDst2, pszName,
463	RTMANIFEST_ATTR_SIZE \| RTMANIFEST_ATTR_SHA256,
464	false /fReadOrWrite/, &hVfsIosDst);
465	RTVfsIoStrmRelease(hVfsIosDst2);
466	if (RT_SUCCESS(vrc))
467	{
468	/*
469	* Pump the data thru.
470	*/
471	vrc = RTVfsUtilPumpIoStreams(hVfsIosSrc, hVfsIosDst, (uint32_t)RT_MIN(ObjInfo.cbObject, _1G));
472	if (RT_SUCCESS(vrc))
473	{
474	vrc = RTManifestPtIosAddEntryNow(hVfsIosDst);
475	if (RT_SUCCESS(vrc))
476	{
477	RTVfsIoStrmRelease(hVfsIosDst);
478	hVfsIosDst = NIL_RTVFSIOSTREAM;
479
480	/*
481	* Set the mode mask.
482	*/
483	ObjInfo.Attr.fMode &= ~(RTFS_UNIX_IWOTH \| RTFS_UNIX_IWGRP);
484	vrc = RTFileSetMode(hFile, ObjInfo.Attr.fMode);
485	/** @todo Windows needs to do more here, I think. */
486	if (RT_SUCCESS(vrc))
487	{
488	RTFileClose(hFile);
489	return RTEXITCODE_SUCCESS;
490	}
491
492	RTMsgError("Failed to set the mode of '%s' to %RTfmode: %Rrc", pszDstFilename, ObjInfo.Attr.fMode, vrc);
493	}
494	else
495	RTMsgError("RTManifestPtIosAddEntryNow failed for '%s': %Rrc", pszDstFilename, vrc);
496	}
497	else
498	RTMsgError("RTVfsUtilPumpIoStreams failed for '%s': %Rrc", pszDstFilename, vrc);
499	RTVfsIoStrmRelease(hVfsIosDst);
500	}
501	else
502	RTMsgError("RTManifestEntryAddPassthruIoStream failed: %Rrc", vrc);
503	}
504	else
505	RTMsgError("RTVfsIoStrmFromRTFile failed: %Rrc", vrc);
506	RTFileClose(hFile);
507	return RTEXITCODE_FAILURE;
508	}
509
510
511	/**
512	* Unpacks the extension pack into the specified directory.
513	*
514	* This will apply ownership and permission changes to all the content, the
515	* exception is @a pszDirDst which will be handled by SetExtPackPermissions.
516	*
517	* @returns The program exit code.
518	* @param hTarballFile The tarball to unpack.
519	* @param pszDirDst Where to unpack it.
520	* @param hValidManifest The manifest we've validated.
521	* @param pszTarball The name of the tarball in case we have to
522	* complain about something.
523	*/
524	static RTEXITCODE UnpackExtPack(RTFILE hTarballFile, const char *pszDirDst, RTMANIFEST hValidManifest,
525	const char *pszTarball)
526	{
527	RT_NOREF1(pszTarball);
528	RTMsgInfo("Unpacking extension pack into '%s'...", pszDirDst);
529
530	/*
531	* Set up the destination path.
532	*/
533	char szDstPath[RTPATH_MAX];
534	int vrc = RTPathAbs(pszDirDst, szDstPath, sizeof(szDstPath) - VBOX_EXTPACK_MAX_MEMBER_NAME_LENGTH - 2);
535	if (RT_FAILURE(vrc))
536	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTPathAbs('%s',,) failed: %Rrc", pszDirDst, vrc);
537	size_t offDstPath = RTPathStripTrailingSlash(szDstPath);
538	szDstPath[offDstPath++] = '/';
539	szDstPath[offDstPath] = '\0';
540
541	/*
542	* Open the tar.gz filesystem stream and set up an manifest in-memory file.
543	*/
544	RTVFSFSSTREAM hTarFss;
545	RTEXITCODE rcExit = OpenTarFss(hTarballFile, &hTarFss);
546	if (rcExit != RTEXITCODE_SUCCESS)
547	return rcExit;
548
549	RTMANIFEST hUnpackManifest;
550	vrc = RTManifestCreate(0 /fFlags/, &hUnpackManifest);
551	if (RT_SUCCESS(vrc))
552	{
553	/*
554	* Process the tarball (would be nice to move this to a function).
555	*/
556	for (;;)
557	{
558	/*
559	* Get the next stream object.
560	*/
561	char *pszName;
562	RTVFSOBJ hVfsObj;
563	RTVFSOBJTYPE enmType;
564	vrc = RTVfsFsStrmNext(hTarFss, &pszName, &enmType, &hVfsObj);
565	if (RT_FAILURE(vrc))
566	{
567	if (vrc != VERR_EOF)
568	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "RTVfsFsStrmNext failed: %Rrc", vrc);
569	break;
570	}
571	const char *pszAdjName = pszName[0] == '.' && pszName[1] == '/' ? &pszName[2] : pszName;
572
573	/*
574	* Check the type & name validity then unpack it.
575	*/
576	rcExit = ValidateMemberOfExtPack(pszName, enmType, hVfsObj);
577	if (rcExit == RTEXITCODE_SUCCESS)
578	{
579	szDstPath[offDstPath] = '\0';
580	vrc = RTStrCopy(&szDstPath[offDstPath], sizeof(szDstPath) - offDstPath, pszAdjName);
581	if (RT_SUCCESS(vrc))
582	{
583	if ( enmType == RTVFSOBJTYPE_FILE
584	\|\| enmType == RTVFSOBJTYPE_IO_STREAM)
585	{
586	RTVFSIOSTREAM hVfsIos = RTVfsObjToIoStream(hVfsObj);
587	rcExit = UnpackExtPackFile(pszAdjName, szDstPath, hVfsIos, hUnpackManifest);
588	RTVfsIoStrmRelease(hVfsIos);
589	}
590	else if (*pszAdjName && strcmp(pszAdjName, "."))
591	rcExit = UnpackExtPackDir(szDstPath, hVfsObj);
592	}
593	else
594	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Name is too long: '%s' (%Rrc)", pszAdjName, vrc);
595	}
596
597	/*
598	* Clean up and break out on failure.
599	*/
600	RTVfsObjRelease(hVfsObj);
601	RTStrFree(pszName);
602	if (rcExit != RTEXITCODE_SUCCESS)
603	break;
604	}
605
606	/*
607	* Check that what we just extracted matches the already verified
608	* manifest.
609	*/
610	if (rcExit == RTEXITCODE_SUCCESS)
611	{
612	char szError[RTPATH_MAX];
613	vrc = RTManifestEqualsEx(hUnpackManifest, hValidManifest, NULL /papszIgnoreEntries/, NULL /papszIgnoreAttr/,
614	0 /fFlags/, szError, sizeof(szError));
615	if (RT_SUCCESS(vrc))
616	rcExit = RTEXITCODE_SUCCESS;
617	else if (vrc == VERR_NOT_EQUAL && szError[0])
618	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Manifest mismatch: %s", szError);
619	else
620	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "RTManifestEqualsEx failed: %Rrc", vrc);
621	}
622	#if 0
623	RTVFSIOSTREAM hVfsIosStdOut = NIL_RTVFSIOSTREAM;
624	RTVfsIoStrmFromStdHandle(RTHANDLESTD_OUTPUT, RTFILE_O_WRITE, true, &hVfsIosStdOut);
625	RTVfsIoStrmWrite(hVfsIosStdOut, "Unpack:\n", sizeof("Unpack:\n") - 1, true, NULL);
626	RTManifestWriteStandard(hUnpackManifest, hVfsIosStdOut);
627	RTVfsIoStrmWrite(hVfsIosStdOut, "Valid:\n", sizeof("Valid:\n") - 1, true, NULL);
628	RTManifestWriteStandard(hValidManifest, hVfsIosStdOut);
629	#endif
630	RTManifestRelease(hUnpackManifest);
631	}
632	RTVfsFsStrmRelease(hTarFss);
633
634	return rcExit;
635	}
636
637
638
639	/**
640	* Wrapper around VBoxExtPackValidateTarball.
641	*
642	* @returns The program exit code.
643	* @param hTarballFile The handle to open the @a pszTarball file.
644	* @param pszExtPackName The name of the extension pack name.
645	* @param pszTarball The name of the tarball in case we have to
646	* complain about something.
647	* @param pszTarballDigest The SHA-256 digest of the tarball.
648	* @param phValidManifest Where to return the handle to fully validated
649	* the manifest for the extension pack. This
650	* includes all files.
651	*/
652	static RTEXITCODE ValidateExtPackTarball(RTFILE hTarballFile, const char pszExtPackName, const char pszTarball,
653	const char *pszTarballDigest, PRTMANIFEST phValidManifest)
654	{
655	*phValidManifest = NIL_RTMANIFEST;
656	RTMsgInfo("Validating extension pack '%s' ('%s')...", pszTarball, pszExtPackName);
657	Assert(pszTarballDigest && *pszTarballDigest);
658
659	char szError[8192];
660	int vrc = VBoxExtPackValidateTarball(hTarballFile, pszExtPackName, pszTarball, pszTarballDigest,
661	szError, sizeof(szError), phValidManifest, NULL /phXmlFile/, NULL /pStrDigest/);
662	if (RT_FAILURE(vrc))
663	{
664	Assert(szError[0]);
665	return RTMsgErrorExit(RTEXITCODE_FAILURE, "%s", szError);
666	}
667	Assert(!szError[0]);
668	return RTEXITCODE_SUCCESS;
669	}
670
671
672	/**
673	* The 2nd part of the installation process.
674	*
675	* @returns The program exit code.
676	* @param pszBaseDir The base directory.
677	* @param pszCertDir The certificat directory.
678	* @param pszTarball The tarball name.
679	* @param pszTarballDigest The SHA-256 digest of the tarball. Empty string
680	* if no digest available.
681	* @param hTarballFile The handle to open the @a pszTarball file.
682	* @param hTarballFileOpt The tarball file handle (optional).
683	* @param pszName The extension pack name.
684	* @param pszMangledName The mangled extension pack name.
685	* @param fReplace Whether to replace any existing ext pack.
686	*/
687	static RTEXITCODE DoInstall2(const char pszBaseDir, const char pszCertDir, const char *pszTarball,
688	const char *pszTarballDigest, RTFILE hTarballFile, RTFILE hTarballFileOpt,
689	const char pszName, const char pszMangledName, bool fReplace)
690	{
691	RT_NOREF1(pszCertDir);
692
693	/*
694	* Do some basic validation of the tarball file.
695	*/
696	RTFSOBJINFO ObjInfo;
697	int vrc = RTFileQueryInfo(hTarballFile, &ObjInfo, RTFSOBJATTRADD_UNIX);
698	if (RT_FAILURE(vrc))
699	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTFileQueryInfo failed with %Rrc on '%s'", vrc, pszTarball);
700	if (!RTFS_IS_FILE(ObjInfo.Attr.fMode))
701	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Not a regular file: %s", pszTarball);
702
703	if (hTarballFileOpt != NIL_RTFILE)
704	{
705	RTFSOBJINFO ObjInfo2;
706	vrc = RTFileQueryInfo(hTarballFileOpt, &ObjInfo2, RTFSOBJATTRADD_UNIX);
707	if (RT_FAILURE(vrc))
708	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTFileQueryInfo failed with %Rrc on --tarball-fd", vrc);
709	if ( ObjInfo.Attr.u.Unix.INodeIdDevice != ObjInfo2.Attr.u.Unix.INodeIdDevice
710	\|\| ObjInfo.Attr.u.Unix.INodeId != ObjInfo2.Attr.u.Unix.INodeId)
711	return RTMsgErrorExit(RTEXITCODE_FAILURE, "--tarball and --tarball-fd does not match");
712	}
713
714	/*
715	* Construct the paths to the two directories we'll be using.
716	*/
717	char szFinalPath[RTPATH_MAX];
718	vrc = RTPathJoin(szFinalPath, sizeof(szFinalPath), pszBaseDir, pszMangledName);
719	if (RT_FAILURE(vrc))
720	return RTMsgErrorExit(RTEXITCODE_FAILURE,
721	"Failed to construct the path to the final extension pack directory: %Rrc", vrc);
722
723	char szTmpPath[RTPATH_MAX];
724	vrc = RTPathJoin(szTmpPath, sizeof(szTmpPath) - 64, pszBaseDir, pszMangledName);
725	if (RT_SUCCESS(vrc))
726	{
727	size_t cchTmpPath = strlen(szTmpPath);
728	RTStrPrintf(&szTmpPath[cchTmpPath], sizeof(szTmpPath) - cchTmpPath, "-_-inst-%u", (uint32_t)RTProcSelf());
729	}
730	if (RT_FAILURE(vrc))
731	return RTMsgErrorExit(RTEXITCODE_FAILURE,
732	"Failed to construct the path to the temporary extension pack directory: %Rrc", vrc);
733
734	/*
735	* Check that they don't exist at this point in time, unless fReplace=true.
736	*/
737	vrc = RTPathQueryInfoEx(szFinalPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_ON_LINK);
738	if (RT_SUCCESS(vrc) && RTFS_IS_DIRECTORY(ObjInfo.Attr.fMode))
739	{
740	if (!fReplace)
741	return RTMsgErrorExit(RTEXITCODE_FAILURE,
742	"The extension pack is already installed. You must uninstall the old one first.");
743	}
744	else if (RT_SUCCESS(vrc))
745	return RTMsgErrorExit(RTEXITCODE_FAILURE,
746	"Found non-directory file system object where the extension pack would be installed ('%s')",
747	szFinalPath);
748	else if (vrc != VERR_FILE_NOT_FOUND && vrc != VERR_PATH_NOT_FOUND)
749	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Unexpected RTPathQueryInfoEx status code %Rrc for '%s'", vrc, szFinalPath);
750
751	vrc = RTPathQueryInfoEx(szTmpPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_ON_LINK);
752	if (vrc != VERR_FILE_NOT_FOUND && vrc != VERR_PATH_NOT_FOUND)
753	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Unexpected RTPathQueryInfoEx status code %Rrc for '%s'", vrc, szFinalPath);
754
755	/*
756	* Create the temporary directory and prepare the extension pack within it.
757	* If all checks out correctly, rename it to the final directory.
758	*/
759	RTDirCreate(pszBaseDir, 0755, 0);
760	#ifndef RT_OS_WINDOWS
761	/*
762	* Because of umask, we have to apply the mode again.
763	*/
764	vrc = RTPathSetMode(pszBaseDir, 0755);
765	if (RT_FAILURE(vrc))
766	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to set directory permissions on '%s': %Rrc", pszBaseDir, vrc);
767	#else
768	/** @todo Ownership tricks on windows? */
769	#endif
770	vrc = RTDirCreate(szTmpPath, 0700, 0);
771	if (RT_FAILURE(vrc))
772	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to create temporary directory: %Rrc ('%s')", vrc, szTmpPath);
773
774	RTMANIFEST hValidManifest = NIL_RTMANIFEST;
775	RTEXITCODE rcExit = ValidateExtPackTarball(hTarballFile, pszName, pszTarball, pszTarballDigest, &hValidManifest);
776	if (rcExit == RTEXITCODE_SUCCESS)
777	rcExit = UnpackExtPack(hTarballFile, szTmpPath, hValidManifest, pszTarball);
778	if (rcExit == RTEXITCODE_SUCCESS)
779	rcExit = ValidateUnpackedExtPack(szTmpPath, pszTarball, pszName);
780	if (rcExit == RTEXITCODE_SUCCESS)
781	rcExit = SetExtPackPermissions(szTmpPath);
782	RTManifestRelease(hValidManifest);
783
784	if (rcExit == RTEXITCODE_SUCCESS)
785	{
786	vrc = CommonDirRenameWrapper(szTmpPath, szFinalPath, RTPATHRENAME_FLAGS_NO_REPLACE);
787	if ( RT_FAILURE(vrc)
788	&& fReplace
789	&& RTDirExists(szFinalPath))
790	{
791	/* Automatic uninstall if --replace was given. */
792	rcExit = CommonUninstallWorker(szFinalPath);
793	if (rcExit == RTEXITCODE_SUCCESS)
794	vrc = CommonDirRenameWrapper(szTmpPath, szFinalPath, RTPATHRENAME_FLAGS_NO_REPLACE);
795	}
796	if (RT_SUCCESS(vrc))
797	RTMsgInfo("Successfully installed '%s' (%s)", pszName, pszTarball);
798	else if (rcExit == RTEXITCODE_SUCCESS)
799	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE,
800	"Failed to rename the temporary directory to the final one: %Rrc ('%s' -> '%s')",
801	vrc, szTmpPath, szFinalPath);
802	}
803
804	/*
805	* Clean up the temporary directory on failure.
806	*/
807	if (rcExit != RTEXITCODE_SUCCESS)
808	RemoveExtPackDir(szTmpPath, true /fTemporary/);
809
810	return rcExit;
811	}
812
813
814	/**
815	* Implements the 'install' command.
816	*
817	* @returns The program exit code.
818	* @param argc The number of program arguments.
819	* @param argv The program arguments.
820	*/
821	static RTEXITCODE DoInstall(int argc, char **argv)
822	{
823	/*
824	* Parse the parameters.
825	*
826	* Note! The --base-dir and --cert-dir are only for checking that the
827	* caller and this help applications have the same idea of where
828	* things are. Likewise, the --name is for verifying assumptions
829	* the caller made about the name. The optional --tarball-fd option
830	* is just for easing the paranoia on the user side.
831	*/
832	static const RTGETOPTDEF s_aOptions[] =
833	{
834	{ "--base-dir", 'b', RTGETOPT_REQ_STRING },
835	{ "--cert-dir", 'c', RTGETOPT_REQ_STRING },
836	{ "--name", 'n', RTGETOPT_REQ_STRING },
837	{ "--tarball", 't', RTGETOPT_REQ_STRING },
838	{ "--tarball-fd", 'd', RTGETOPT_REQ_UINT64 },
839	{ "--replace", 'r', RTGETOPT_REQ_NOTHING },
840	{ "--sha-256", 's', RTGETOPT_REQ_STRING }
841	};
842	RTGETOPTSTATE GetState;
843	int vrc = RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0 /fFlags/);
844	if (RT_FAILURE(vrc))
845	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc\n", vrc);
846
847	const char *pszBaseDir = NULL;
848	const char *pszCertDir = NULL;
849	const char *pszName = NULL;
850	const char *pszTarball = NULL;
851	const char *pszTarballDigest = NULL;
852	RTFILE hTarballFileOpt = NIL_RTFILE;
853	bool fReplace = false;
854	RTGETOPTUNION ValueUnion;
855	int ch;
856	while ((ch = RTGetOpt(&GetState, &ValueUnion)))
857	{
858	switch (ch)
859	{
860	case 'b':
861	if (pszBaseDir)
862	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --base-dir options");
863	pszBaseDir = ValueUnion.psz;
864	if (!IsValidBaseDir(pszBaseDir))
865	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Invalid base directory: '%s'", pszBaseDir);
866	break;
867
868	case 'c':
869	if (pszCertDir)
870	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --cert-dir options");
871	pszCertDir = ValueUnion.psz;
872	if (!IsValidCertificateDir(pszCertDir))
873	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Invalid certificate directory: '%s'", pszCertDir);
874	break;
875
876	case 'n':
877	if (pszName)
878	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --name options");
879	pszName = ValueUnion.psz;
880	if (!VBoxExtPackIsValidName(pszName))
881	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Invalid extension pack name: '%s'", pszName);
882	break;
883
884	case 't':
885	if (pszTarball)
886	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --tarball options");
887	pszTarball = ValueUnion.psz;
888	break;
889
890	case 'd':
891	{
892	if (hTarballFileOpt != NIL_RTFILE)
893	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --tarball-fd options");
894	RTHCUINTPTR hNative = (RTHCUINTPTR)ValueUnion.u64;
895	if (hNative != ValueUnion.u64)
896	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "The --tarball-fd value is out of range: %#RX64", ValueUnion.u64);
897	vrc = RTFileFromNative(&hTarballFileOpt, hNative);
898	if (RT_FAILURE(vrc))
899	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "RTFileFromNative failed on --target-fd value: %Rrc", vrc);
900	break;
901	}
902
903	case 'r':
904	fReplace = true;
905	break;
906
907	case 's':
908	{
909	if (pszTarballDigest)
910	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --sha-256 options");
911	pszTarballDigest = ValueUnion.psz;
912
913	uint8_t abDigest[RTSHA256_HASH_SIZE];
914	vrc = RTSha256FromString(pszTarballDigest, abDigest);
915	if (RT_FAILURE(vrc))
916	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Bad SHA-256 string: %Rrc", vrc);
917	break;
918	}
919
920	case 'h':
921	case 'V':
922	return DoStandardOption(ch);
923
924	default:
925	return RTGetOptPrintError(ch, &ValueUnion);
926	}
927	}
928	if (!pszName)
929	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing --name option");
930	if (!pszBaseDir)
931	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing --base-dir option");
932	if (!pszCertDir)
933	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing --cert-dir option");
934	if (!pszTarball)
935	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing --tarball option");
936	if (!pszTarballDigest)
937	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing --sha-256 option");
938
939	/*
940	* Ok, down to business.
941	*/
942	RTCString *pstrMangledName = VBoxExtPackMangleName(pszName);
943	if (!pstrMangledName)
944	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to mangle name ('%s)", pszName);
945
946	RTEXITCODE rcExit;
947	RTFILE hTarballFile;
948	vrc = RTFileOpen(&hTarballFile, pszTarball, RTFILE_O_READ \| RTFILE_O_OPEN \| RTFILE_O_DENY_WRITE);
949	if (RT_SUCCESS(vrc))
950	{
951	rcExit = DoInstall2(pszBaseDir, pszCertDir, pszTarball, pszTarballDigest, hTarballFile, hTarballFileOpt,
952	pszName, pstrMangledName->c_str(), fReplace);
953	RTFileClose(hTarballFile);
954	}
955	else
956	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to open the extension pack tarball: %Rrc ('%s')", vrc, pszTarball);
957
958	delete pstrMangledName;
959	return rcExit;
960	}
961
962
963	/**
964	* Implements the 'uninstall' command.
965	*
966	* @returns The program exit code.
967	* @param argc The number of program arguments.
968	* @param argv The program arguments.
969	*/
970	static RTEXITCODE DoUninstall(int argc, char **argv)
971	{
972	/*
973	* Parse the parameters.
974	*
975	* Note! The --base-dir is only for checking that the caller and this help
976	* applications have the same idea of where things are.
977	*/
978	static const RTGETOPTDEF s_aOptions[] =
979	{
980	{ "--base-dir", 'b', RTGETOPT_REQ_STRING },
981	{ "--name", 'n', RTGETOPT_REQ_STRING },
982	{ "--forced", 'f', RTGETOPT_REQ_NOTHING },
983	};
984	RTGETOPTSTATE GetState;
985	int vrc = RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0 /fFlags/);
986	if (RT_FAILURE(vrc))
987	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc\n", vrc);
988
989	const char *pszBaseDir = NULL;
990	const char *pszName = NULL;
991	RTGETOPTUNION ValueUnion;
992	int ch;
993	while ((ch = RTGetOpt(&GetState, &ValueUnion)))
994	{
995	switch (ch)
996	{
997	case 'b':
998	if (pszBaseDir)
999	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --base-dir options");
1000	pszBaseDir = ValueUnion.psz;
1001	if (!IsValidBaseDir(pszBaseDir))
1002	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Invalid base directory: '%s'", pszBaseDir);
1003	break;
1004
1005	case 'n':
1006	if (pszName)
1007	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --name options");
1008	pszName = ValueUnion.psz;
1009	if (!VBoxExtPackIsValidName(pszName))
1010	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Invalid extension pack name: '%s'", pszName);
1011	break;
1012
1013	case 'f':
1014	/* ignored */
1015	break;
1016
1017	case 'h':
1018	case 'V':
1019	return DoStandardOption(ch);
1020
1021	default:
1022	return RTGetOptPrintError(ch, &ValueUnion);
1023	}
1024	}
1025	if (!pszName)
1026	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing --name option");
1027	if (!pszBaseDir)
1028	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing --base-dir option");
1029
1030	/*
1031	* Mangle the name so we can construct the directory names.
1032	*/
1033	RTCString *pstrMangledName = VBoxExtPackMangleName(pszName);
1034	if (!pstrMangledName)
1035	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to mangle name ('%s)", pszName);
1036	RTCString strMangledName(*pstrMangledName);
1037	delete pstrMangledName;
1038
1039	/*
1040	* Ok, down to business.
1041	*/
1042	/* Check that it exists. */
1043	char szExtPackDir[RTPATH_MAX];
1044	vrc = RTPathJoin(szExtPackDir, sizeof(szExtPackDir), pszBaseDir, strMangledName.c_str());
1045	if (RT_FAILURE(vrc))
1046	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to construct extension pack path: %Rrc", vrc);
1047
1048	if (!RTDirExists(szExtPackDir))
1049	{
1050	RTMsgInfo("Extension pack not installed. Nothing to do.");
1051	return RTEXITCODE_SUCCESS;
1052	}
1053
1054	RTEXITCODE rcExit = CommonUninstallWorker(szExtPackDir);
1055	if (rcExit == RTEXITCODE_SUCCESS)
1056	RTMsgInfo("Successfully removed extension pack '%s'\n", pszName);
1057
1058	return rcExit;
1059	}
1060
1061	/**
1062	* Implements the 'cleanup' command.
1063	*
1064	* @returns The program exit code.
1065	* @param argc The number of program arguments.
1066	* @param argv The program arguments.
1067	*/
1068	static RTEXITCODE DoCleanup(int argc, char **argv)
1069	{
1070	/*
1071	* Parse the parameters.
1072	*
1073	* Note! The --base-dir is only for checking that the caller and this help
1074	* applications have the same idea of where things are.
1075	*/
1076	static const RTGETOPTDEF s_aOptions[] =
1077	{
1078	{ "--base-dir", 'b', RTGETOPT_REQ_STRING },
1079	};
1080	RTGETOPTSTATE GetState;
1081	int vrc = RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0 /fFlags/);
1082	if (RT_FAILURE(vrc))
1083	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc\n", vrc);
1084
1085	const char *pszBaseDir = NULL;
1086	RTGETOPTUNION ValueUnion;
1087	int ch;
1088	while ((ch = RTGetOpt(&GetState, &ValueUnion)))
1089	{
1090	switch (ch)
1091	{
1092	case 'b':
1093	if (pszBaseDir)
1094	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --base-dir options");
1095	pszBaseDir = ValueUnion.psz;
1096	if (!IsValidBaseDir(pszBaseDir))
1097	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Invalid base directory: '%s'", pszBaseDir);
1098	break;
1099
1100	case 'h':
1101	case 'V':
1102	return DoStandardOption(ch);
1103
1104	default:
1105	return RTGetOptPrintError(ch, &ValueUnion);
1106	}
1107	}
1108	if (!pszBaseDir)
1109	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing --base-dir option");
1110
1111	/*
1112	* Ok, down to business.
1113	*/
1114	RTDIR hDir;
1115	vrc = RTDirOpen(&hDir, pszBaseDir);
1116	if (RT_FAILURE(vrc))
1117	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed open the base directory: %Rrc ('%s')", vrc, pszBaseDir);
1118
1119	uint32_t cCleaned = 0;
1120	RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
1121	for (;;)
1122	{
1123	RTDIRENTRYEX Entry;
1124	vrc = RTDirReadEx(hDir, &Entry, NULL /pcbDirEntry/, RTFSOBJATTRADD_NOTHING, RTPATH_F_ON_LINK);
1125	if (RT_FAILURE(vrc))
1126	{
1127	if (vrc != VERR_NO_MORE_FILES)
1128	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "RTDirReadEx returns %Rrc", vrc);
1129	break;
1130	}
1131
1132	/*
1133	* Only directories which conform with our temporary install/uninstall
1134	* naming scheme are candidates for cleaning.
1135	*/
1136	if ( RTFS_IS_DIRECTORY(Entry.Info.Attr.fMode)
1137	&& strcmp(Entry.szName, ".") != 0
1138	&& strcmp(Entry.szName, "..") != 0)
1139	{
1140	bool fCandidate = false;
1141	char *pszMarker = strstr(Entry.szName, "-_-");
1142	if ( pszMarker
1143	&& ( !strcmp(pszMarker, "-_-uninst")
1144	\|\| !strncmp(pszMarker, RT_STR_TUPLE("-_-inst"))))
1145	fCandidate = VBoxExtPackIsValidMangledName(Entry.szName, pszMarker - &Entry.szName[0]);
1146	if (fCandidate)
1147	{
1148	/*
1149	* Recursive delete, safe.
1150	*/
1151	char szPath[RTPATH_MAX];
1152	vrc = RTPathJoin(szPath, sizeof(szPath), pszBaseDir, Entry.szName);
1153	if (RT_SUCCESS(vrc))
1154	{
1155	RTEXITCODE rcExit2 = RemoveExtPackDir(szPath, true /fTemporary/);
1156	if (rcExit2 == RTEXITCODE_SUCCESS)
1157	RTMsgInfo("Successfully removed '%s'.", Entry.szName);
1158	else if (rcExit == RTEXITCODE_SUCCESS)
1159	rcExit = rcExit2;
1160	}
1161	else
1162	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "RTPathJoin failed with %Rrc for '%s'", vrc, Entry.szName);
1163	cCleaned++;
1164	}
1165	}
1166	}
1167	RTDirClose(hDir);
1168	if (!cCleaned)
1169	RTMsgInfo("Nothing to clean.");
1170	return rcExit;
1171	}
1172
1173	#ifdef WITH_ELEVATION
1174
1175	#if !defined(RT_OS_WINDOWS) && !defined(RT_OS_DARWIN)
1176	/**
1177	* Looks in standard locations for a suitable exec tool.
1178	*
1179	* @returns true if found, false if not.
1180	* @param pszPath Where to store the path to the tool on
1181	* successs.
1182	* @param cbPath The size of the buffer @a pszPath points to.
1183	* @param pszName The name of the tool we're looking for.
1184	*/
1185	static bool FindExecTool(char pszPath, size_t cbPath, const char pszName)
1186	{
1187	static const char * const s_apszPaths[] =
1188	{
1189	"/bin",
1190	"/usr/bin",
1191	"/usr/local/bin",
1192	"/sbin",
1193	"/usr/sbin",
1194	"/usr/local/sbin",
1195	#ifdef RT_OS_SOLARIS
1196	"/usr/sfw/bin",
1197	"/usr/gnu/bin",
1198	"/usr/xpg4/bin",
1199	"/usr/xpg6/bin",
1200	"/usr/openwin/bin",
1201	"/usr/ucb"
1202	#endif
1203	};
1204
1205	for (unsigned i = 0; i < RT_ELEMENTS(s_apszPaths); i++)
1206	{
1207	int vrc = RTPathJoin(pszPath, cbPath, s_apszPaths[i], pszName);
1208	if (RT_SUCCESS(vrc))
1209	{
1210	RTFSOBJINFO ObjInfo;
1211	vrc = RTPathQueryInfoEx(pszPath, &ObjInfo, RTFSOBJATTRADD_UNIX, RTPATH_F_FOLLOW_LINK);
1212	if (RT_SUCCESS(vrc))
1213	{
1214	if (!(ObjInfo.Attr.fMode & RTFS_UNIX_IWOTH))
1215	return true;
1216	}
1217	}
1218	}
1219	return false;
1220	}
1221	#endif
1222
1223
1224	/**
1225	* Copies the content of a file to a stream.
1226	*
1227	* @param hSrc The source file.
1228	* @param pDst The destination stream.
1229	* @param fComplain Whether to complain about errors (i.e. is this
1230	* stderr, if not keep the trap shut because it
1231	* may be missing when running under VBoxSVC.)
1232	*/
1233	static void CopyFileToStdXxx(RTFILE hSrc, PRTSTREAM pDst, bool fComplain)
1234	{
1235	int vrc;
1236	for (;;)
1237	{
1238	char abBuf[0x1000];
1239	size_t cbRead;
1240	vrc = RTFileRead(hSrc, abBuf, sizeof(abBuf), &cbRead);
1241	if (RT_FAILURE(vrc))
1242	{
1243	RTMsgError("RTFileRead failed: %Rrc", vrc);
1244	break;
1245	}
1246	if (!cbRead)
1247	break;
1248	vrc = RTStrmWrite(pDst, abBuf, cbRead);
1249	if (RT_FAILURE(vrc))
1250	{
1251	if (fComplain)
1252	RTMsgError("RTStrmWrite failed: %Rrc", vrc);
1253	break;
1254	}
1255	}
1256	vrc = RTStrmFlush(pDst);
1257	if (RT_FAILURE(vrc) && fComplain)
1258	RTMsgError("RTStrmFlush failed: %Rrc", vrc);
1259	}
1260
1261
1262	/**
1263	* Relaunches ourselves as a elevated process using platform specific facilities.
1264	*
1265	* @returns Program exit code.
1266	* @param pszExecPath The executable path.
1267	* @param papszArgs The arguments.
1268	* @param cSuArgs The number of argument entries reserved for the
1269	* 'su' like programs at the start of papszArgs.
1270	* @param cMyArgs The number of arguments following @a cSuArgs.
1271	* @param iCmd The command that is being executed. (For
1272	* selecting messages.)
1273	* @param pszDisplayInfoHack Display information hack. Platform specific++.
1274	*/
1275	static RTEXITCODE RelaunchElevatedNative(const char pszExecPath, const char *papszArgs, int cSuArgs, int cMyArgs,
1276	int iCmd, const char *pszDisplayInfoHack)
1277	{
1278	RT_NOREF1(cMyArgs);
1279	RTEXITCODE rcExit = RTEXITCODE_FAILURE;
1280	#ifdef RT_OS_WINDOWS
1281	NOREF(iCmd);
1282
1283	MSG Msg;
1284	PeekMessage(&Msg, NULL, 0, 0, PM_NOREMOVE);
1285	CoInitializeEx(NULL, COINIT_APARTMENTTHREADED \| COINIT_DISABLE_OLE1DDE);
1286
1287	SHELLEXECUTEINFOW Info;
1288
1289	Info.cbSize = sizeof(Info);
1290	Info.fMask = SEE_MASK_NOCLOSEPROCESS;
1291	Info.hwnd = NULL;
1292	Info.lpVerb = L"runas";
1293	int vrc = RTStrToUtf16(pszExecPath, (PRTUTF16 *)&Info.lpFile);
1294	if (RT_SUCCESS(vrc))
1295	{
1296	char *pszCmdLine;
1297	vrc = RTGetOptArgvToString(&pszCmdLine, &papszArgs[cSuArgs + 1], RTGETOPTARGV_CNV_QUOTE_MS_CRT);
1298	if (RT_SUCCESS(vrc))
1299	{
1300	vrc = RTStrToUtf16(pszCmdLine, (PRTUTF16 *)&Info.lpParameters);
1301	if (RT_SUCCESS(vrc))
1302	{
1303	Info.lpDirectory = NULL;
1304	Info.nShow = SW_SHOWMAXIMIZED;
1305	Info.hInstApp = NULL;
1306	Info.lpIDList = NULL;
1307	Info.lpClass = NULL;
1308	Info.hkeyClass = NULL;
1309	Info.dwHotKey = 0;
1310	Info.hMonitor = NULL;
1311	Info.hProcess = INVALID_HANDLE_VALUE;
1312
1313	/* Apply display hacks. */
1314	if (pszDisplayInfoHack)
1315	{
1316	const char *pszArg = strstr(pszDisplayInfoHack, "hwnd=");
1317	if (pszArg)
1318	{
1319	uint64_t u64Hwnd;
1320	vrc = RTStrToUInt64Ex(pszArg + sizeof("hwnd=") - 1, NULL, 0, &u64Hwnd);
1321	if (RT_SUCCESS(vrc))
1322	{
1323	HWND hwnd = (HWND)(uintptr_t)u64Hwnd;
1324	Info.hwnd = hwnd;
1325	Info.hMonitor = MonitorFromWindow(hwnd, MONITOR_DEFAULTTOPRIMARY);
1326	}
1327	}
1328	}
1329	if (Info.hMonitor == NULL)
1330	{
1331	POINT Pt = {0,0};
1332	Info.hMonitor = MonitorFromPoint(Pt, MONITOR_DEFAULTTOPRIMARY);
1333	}
1334	if (Info.hMonitor != NULL)
1335	Info.fMask \|= SEE_MASK_HMONITOR;
1336
1337	if (ShellExecuteExW(&Info))
1338	{
1339	if (Info.hProcess != INVALID_HANDLE_VALUE)
1340	{
1341	/*
1342	* Wait for the process, make sure the deal with messages.
1343	*/
1344	for (;;)
1345	{
1346	DWORD dwRc = MsgWaitForMultipleObjects(1, &Info.hProcess, FALSE, 5000/ms/, QS_ALLEVENTS);
1347	if (dwRc == WAIT_OBJECT_0)
1348	break;
1349	if ( dwRc != WAIT_TIMEOUT
1350	&& dwRc != WAIT_OBJECT_0 + 1)
1351	{
1352	RTMsgError("MsgWaitForMultipleObjects returned: %#x (%d), err=%u", dwRc, dwRc, GetLastError());
1353	break;
1354	}
1355	while (PeekMessageW(&Msg, NULL, 0, 0, PM_REMOVE))
1356	{
1357	TranslateMessage(&Msg);
1358	DispatchMessageW(&Msg);
1359	}
1360	}
1361
1362	DWORD dwExitCode;
1363	if (GetExitCodeProcess(Info.hProcess, &dwExitCode))
1364	{
1365	if (dwExitCode < 128)
1366	rcExit = (RTEXITCODE)dwExitCode;
1367	else
1368	rcExit = RTEXITCODE_FAILURE;
1369	}
1370	CloseHandle(Info.hProcess);
1371	}
1372	else
1373	RTMsgError("ShellExecuteExW return INVALID_HANDLE_VALUE as Info.hProcess");
1374	}
1375	else
1376	RTMsgError("ShellExecuteExW failed: %u (%#x)", GetLastError(), GetLastError());
1377
1378
1379	RTUtf16Free((PRTUTF16)Info.lpParameters);
1380	}
1381	RTStrFree(pszCmdLine);
1382	}
1383
1384	RTUtf16Free((PRTUTF16)Info.lpFile);
1385	}
1386	else
1387	RTMsgError("RTStrToUtf16 failed: %Rc", vrc);
1388
1389	#elif defined(RT_OS_DARWIN)
1390	RT_NOREF(pszDisplayInfoHack);
1391	char szIconName[RTPATH_MAX];
1392	int vrc = RTPathAppPrivateArch(szIconName, sizeof(szIconName));
1393	if (RT_SUCCESS(vrc))
1394	vrc = RTPathAppend(szIconName, sizeof(szIconName), "../Resources/virtualbox.png");
1395	if (RT_FAILURE(vrc))
1396	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to construct icon path: %Rrc", vrc);
1397
1398	AuthorizationRef AuthRef;
1399	OSStatus orc = AuthorizationCreate(NULL, 0, kAuthorizationFlagDefaults, &AuthRef);
1400	if (orc == errAuthorizationSuccess)
1401	{
1402	/*
1403	* Preautorize the privileged execution of ourselves.
1404	*/
1405	AuthorizationItem AuthItem = { kAuthorizationRightExecute, 0, NULL, 0 };
1406	AuthorizationRights AuthRights = { 1, &AuthItem };
1407
1408	NOREF(iCmd);
1409	static char s_szPrompt[] = "VirtualBox needs further rights to make changes to your installation.\n\n";
1410	AuthorizationItem aAuthEnvItems[] =
1411	{
1412	{ kAuthorizationEnvironmentPrompt, strlen(s_szPrompt), s_szPrompt, 0 },
1413	{ kAuthorizationEnvironmentIcon, strlen(szIconName), szIconName, 0 }
1414	};
1415	AuthorizationEnvironment AuthEnv = { RT_ELEMENTS(aAuthEnvItems), aAuthEnvItems };
1416
1417	orc = AuthorizationCopyRights(AuthRef, &AuthRights, &AuthEnv,
1418	kAuthorizationFlagPreAuthorize \| kAuthorizationFlagInteractionAllowed
1419	\| kAuthorizationFlagExtendRights,
1420	NULL);
1421	if (orc == errAuthorizationSuccess)
1422	{
1423	/*
1424	* Execute with extra permissions
1425	*/
1426	FILE *pSocketStrm;
1427	#if defined(__clang__) \|\| RT_GNUC_PREREQ(4, 4)
1428	# pragma GCC diagnostic push
1429	# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
1430	#endif
1431	orc = AuthorizationExecuteWithPrivileges(AuthRef, pszExecPath, kAuthorizationFlagDefaults,
1432	(char * const *)&papszArgs[cSuArgs + 3],
1433	&pSocketStrm);
1434	#if defined(__clang__) \|\| RT_GNUC_PREREQ(4, 4)
1435	# pragma GCC diagnostic pop
1436	#endif
1437	if (orc == errAuthorizationSuccess)
1438	{
1439	/*
1440	* Read the output of the tool, the read will fail when it quits.
1441	*/
1442	for (;;)
1443	{
1444	char achBuf[1024];
1445	size_t cbRead = fread(achBuf, 1, sizeof(achBuf), pSocketStrm);
1446	if (!cbRead)
1447	break;
1448	fwrite(achBuf, 1, cbRead, stdout);
1449	}
1450	rcExit = RTEXITCODE_SUCCESS;
1451	fclose(pSocketStrm);
1452	}
1453	else
1454	RTMsgError("AuthorizationExecuteWithPrivileges failed: %d", orc);
1455	}
1456	else if (orc == errAuthorizationCanceled)
1457	RTMsgError("Authorization canceled by the user");
1458	else
1459	RTMsgError("AuthorizationCopyRights failed: %d", orc);
1460	AuthorizationFree(AuthRef, kAuthorizationFlagDefaults);
1461	}
1462	else
1463	RTMsgError("AuthorizationCreate failed: %d", orc);
1464
1465	#else
1466
1467	RT_NOREF2(pszExecPath, pszDisplayInfoHack);
1468
1469	/*
1470	* Several of the alternatives below will require a command line.
1471	*/
1472	char *pszCmdLine;
1473	int vrc = RTGetOptArgvToString(&pszCmdLine, &papszArgs[cSuArgs], RTGETOPTARGV_CNV_QUOTE_BOURNE_SH);
1474	if (RT_FAILURE(vrc))
1475	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptArgvToString failed: %Rrc", vrc);
1476
1477	/*
1478	* Look for various standard stuff for executing a program as root.
1479	*
1480	* N.B. When adding new arguments, please make 100% sure RelaunchElevated
1481	* allocates enough array entries.
1482	*
1483	* TODO: Feel free to contribute code for using PolicyKit directly.
1484	*/
1485	bool fHaveDisplayVar = RTEnvExist("DISPLAY");
1486	int iSuArg = cSuArgs;
1487	char szExecTool[260];
1488	char szXterm[260];
1489
1490	/*
1491	* kdesudo is available on KDE3/KDE4
1492	*/
1493	if (fHaveDisplayVar && FindExecTool(szExecTool, sizeof(szExecTool), "kdesudo"))
1494	{
1495	iSuArg = cSuArgs - 4;
1496	papszArgs[cSuArgs - 4] = szExecTool;
1497	papszArgs[cSuArgs - 3] = "--comment";
1498	papszArgs[cSuArgs - 2] = iCmd == CMD_INSTALL
1499	? "VirtualBox extension pack installer"
1500	: iCmd == CMD_UNINSTALL
1501	? "VirtualBox extension pack uninstaller"
1502	: "VirtualBox extension pack maintainer";
1503	papszArgs[cSuArgs - 1] = "--";
1504	}
1505	/*
1506	* gksu is our favorite as it is very well integrated.
1507	*/
1508	else if (fHaveDisplayVar && FindExecTool(szExecTool, sizeof(szExecTool), "gksu"))
1509	{
1510	#if 0 /* older gksu does not grok --description nor '--' and multiple args. */
1511	iSuArg = cSuArgs - 4;
1512	papszArgs[cSuArgs - 4] = szExecTool;
1513	papszArgs[cSuArgs - 3] = "--description";
1514	papszArgs[cSuArgs - 2] = iCmd == CMD_INSTALL
1515	? "VirtualBox extension pack installer"
1516	: iCmd == CMD_UNINSTALL
1517	? "VirtualBox extension pack uninstaller"
1518	: "VirtualBox extension pack maintainer";
1519	papszArgs[cSuArgs - 1] = "--";
1520	#elif defined(RT_OS_SOLARIS) /* Force it not to use pfexec as it won't wait then. */
1521	iSuArg = cSuArgs - 4;
1522	papszArgs[cSuArgs - 4] = szExecTool;
1523	papszArgs[cSuArgs - 3] = "-au";
1524	papszArgs[cSuArgs - 2] = "root";
1525	papszArgs[cSuArgs - 1] = pszCmdLine;
1526	papszArgs[cSuArgs] = NULL;
1527	#else
1528	iSuArg = cSuArgs - 2;
1529	papszArgs[cSuArgs - 2] = szExecTool;
1530	papszArgs[cSuArgs - 1] = pszCmdLine;
1531	papszArgs[cSuArgs] = NULL;
1532	#endif
1533	}
1534	/*
1535	* pkexec may work for ssh console sessions as well if the right agents
1536	* are installed. However it is very generic and does not allow for any
1537	* custom messages. Thus it comes after gksu.
1538	*/
1539	else if (FindExecTool(szExecTool, sizeof(szExecTool), "pkexec"))
1540	{
1541	iSuArg = cSuArgs - 1;
1542	papszArgs[cSuArgs - 1] = szExecTool;
1543	}
1544	/*
1545	* The ultimate fallback is running 'su -' within an xterm. We use the
1546	* title of the xterm to tell what is going on.
1547	*/
1548	else if ( fHaveDisplayVar
1549	&& FindExecTool(szExecTool, sizeof(szExecTool), "su")
1550	&& FindExecTool(szXterm, sizeof(szXterm), "xterm"))
1551	{
1552	iSuArg = cSuArgs - 9;
1553	papszArgs[cSuArgs - 9] = szXterm;
1554	papszArgs[cSuArgs - 8] = "-T";
1555	papszArgs[cSuArgs - 7] = iCmd == CMD_INSTALL
1556	? "VirtualBox extension pack installer - su"
1557	: iCmd == CMD_UNINSTALL
1558	? "VirtualBox extension pack uninstaller - su"
1559	: "VirtualBox extension pack maintainer - su";
1560	papszArgs[cSuArgs - 6] = "-e";
1561	papszArgs[cSuArgs - 5] = szExecTool;
1562	papszArgs[cSuArgs - 4] = "-";
1563	papszArgs[cSuArgs - 3] = "root";
1564	papszArgs[cSuArgs - 2] = "-c";
1565	papszArgs[cSuArgs - 1] = pszCmdLine;
1566	papszArgs[cSuArgs] = NULL;
1567	}
1568	else if (fHaveDisplayVar)
1569	RTMsgError("Unable to locate 'pkexec', 'gksu' or 'su+xterm'. Try perform the operation using VBoxManage running as root");
1570	else
1571	RTMsgError("Unable to locate 'pkexec'. Try perform the operation using VBoxManage running as root");
1572	if (iSuArg != cSuArgs)
1573	{
1574	AssertRelease(iSuArg >= 0);
1575
1576	/*
1577	* Argument list constructed, execute it and wait for the exec
1578	* program to complete.
1579	*/
1580	RTPROCESS hProcess;
1581	vrc = RTProcCreateEx(papszArgs[iSuArg], &papszArgs[iSuArg], RTENV_DEFAULT, 0 /fFlags/, NULL /phStdIn/,
1582	NULL /phStdOut/, NULL /phStdErr/, NULL /pszAsUser/, NULL /pszPassword/, NULL /* pvExtraData*/,
1583	&hProcess);
1584	if (RT_SUCCESS(vrc))
1585	{
1586	RTPROCSTATUS Status;
1587	vrc = RTProcWait(hProcess, RTPROCWAIT_FLAGS_BLOCK, &Status);
1588	if (RT_SUCCESS(vrc))
1589	{
1590	if (Status.enmReason == RTPROCEXITREASON_NORMAL)
1591	rcExit = (RTEXITCODE)Status.iStatus;
1592	else
1593	rcExit = RTEXITCODE_FAILURE;
1594	}
1595	else
1596	RTMsgError("Error while waiting for '%s': %Rrc", papszArgs[iSuArg], vrc);
1597	}
1598	else
1599	RTMsgError("Failed to execute '%s': %Rrc", papszArgs[iSuArg], vrc);
1600	}
1601	RTStrFree(pszCmdLine);
1602
1603	#endif
1604	return rcExit;
1605	}
1606
1607
1608	/**
1609	* Relaunches ourselves as a elevated process using platform specific facilities.
1610	*
1611	* @returns Program exit code.
1612	* @param argc The number of arguments.
1613	* @param argv The arguments.
1614	* @param iCmd The command that is being executed.
1615	* @param pszDisplayInfoHack Display information hack. Platform specific++.
1616	*/
1617	static RTEXITCODE RelaunchElevated(int argc, char *argv, int iCmd, const char pszDisplayInfoHack)
1618	{
1619	/*
1620	* We need the executable name later, so get it now when it's easy to quit.
1621	*/
1622	char szExecPath[RTPATH_MAX];
1623	if (!RTProcGetExecutablePath(szExecPath,sizeof(szExecPath)))
1624	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTProcGetExecutablePath failed");
1625
1626	/*
1627	* Create a couple of temporary files for stderr and stdout.
1628	*/
1629	char szTempDir[RTPATH_MAX - sizeof("/stderr")];
1630	int vrc = RTPathTemp(szTempDir, sizeof(szTempDir));
1631	if (RT_FAILURE(vrc))
1632	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTPathTemp failed: %Rrc", vrc);
1633	vrc = RTPathAppend(szTempDir, sizeof(szTempDir), "VBoxExtPackHelper-XXXXXX");
1634	if (RT_FAILURE(vrc))
1635	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTPathAppend failed: %Rrc", vrc);
1636	vrc = RTDirCreateTemp(szTempDir, 0700);
1637	if (RT_FAILURE(vrc))
1638	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTDirCreateTemp failed: %Rrc", vrc);
1639
1640	RTEXITCODE rcExit = RTEXITCODE_FAILURE;
1641	char szStdOut[RTPATH_MAX];
1642	char szStdErr[RTPATH_MAX];
1643	vrc = RTPathJoin(szStdOut, sizeof(szStdOut), szTempDir, "stdout");
1644	if (RT_SUCCESS(vrc))
1645	vrc = RTPathJoin(szStdErr, sizeof(szStdErr), szTempDir, "stderr");
1646	if (RT_SUCCESS(vrc))
1647	{
1648	RTFILE hStdOut;
1649	vrc = RTFileOpen(&hStdOut, szStdOut, RTFILE_O_READWRITE \| RTFILE_O_CREATE \| RTFILE_O_DENY_NONE
1650	\| (0600 << RTFILE_O_CREATE_MODE_SHIFT));
1651	if (RT_SUCCESS(vrc))
1652	{
1653	RTFILE hStdErr;
1654	vrc = RTFileOpen(&hStdErr, szStdErr, RTFILE_O_READWRITE \| RTFILE_O_CREATE \| RTFILE_O_DENY_NONE
1655	\| (0600 << RTFILE_O_CREATE_MODE_SHIFT));
1656	if (RT_SUCCESS(vrc))
1657	{
1658	/*
1659	* Insert the --elevated and stdout/err names into the argument
1660	* list. Note that darwin skips the --stdout bit, so don't
1661	* change the order here.
1662	*/
1663	int const cSuArgs = 12;
1664	int cArgs = argc + 5 + 1;
1665	char const papszArgs = (char const )RTMemTmpAllocZ((cSuArgs + cArgs + 1) * sizeof(const char *));
1666	if (papszArgs)
1667	{
1668	int iDst = cSuArgs;
1669	papszArgs[iDst++] = argv[0];
1670	papszArgs[iDst++] = "--stdout";
1671	papszArgs[iDst++] = szStdOut;
1672	papszArgs[iDst++] = "--stderr";
1673	papszArgs[iDst++] = szStdErr;
1674	papszArgs[iDst++] = "--elevated";
1675	for (int iSrc = 1; iSrc <= argc; iSrc++)
1676	papszArgs[iDst++] = argv[iSrc];
1677
1678	/*
1679	* Do the platform specific process execution (waiting included).
1680	*/
1681	rcExit = RelaunchElevatedNative(szExecPath, papszArgs, cSuArgs, cArgs, iCmd, pszDisplayInfoHack);
1682
1683	/*
1684	* Copy the standard files to our standard handles.
1685	*/
1686	CopyFileToStdXxx(hStdErr, g_pStdErr, true /fComplain/);
1687	CopyFileToStdXxx(hStdOut, g_pStdOut, false);
1688
1689	RTMemTmpFree(papszArgs);
1690	}
1691
1692	RTFileClose(hStdErr);
1693	RTFileDelete(szStdErr);
1694	}
1695	RTFileClose(hStdOut);
1696	RTFileDelete(szStdOut);
1697	}
1698	}
1699	RTDirRemove(szTempDir);
1700
1701	return rcExit;
1702	}
1703
1704
1705	/**
1706	* Checks if the process is elevated or not.
1707	*
1708	* @returns RTEXITCODE_SUCCESS if preconditions are fine,
1709	* otherwise error message + RTEXITCODE_FAILURE.
1710	* @param pfElevated Where to store the elevation indicator.
1711	*/
1712	static RTEXITCODE ElevationCheck(bool *pfElevated)
1713	{
1714	*pfElevated = false;
1715
1716	# if defined(RT_OS_WINDOWS)
1717	/** @todo This should probably check if UAC is diabled and if we are
1718	* Administrator first. Also needs to check for Vista+ first, probably.
1719	*/
1720	DWORD cb;
1721	RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
1722	HANDLE hToken;
1723	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
1724	return RTMsgErrorExit(RTEXITCODE_FAILURE, "OpenProcessToken failed: %u (%#x)", GetLastError(), GetLastError());
1725
1726	/*
1727	* Check if we're member of the Administrators group. If we aren't, there
1728	* is no way to elevate ourselves to system admin.
1729	* N.B. CheckTokenMembership does not do the job here (due to attributes?).
1730	*/
1731	BOOL fIsAdmin = FALSE;
1732	SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
1733	PSID pAdminGrpSid;
1734	if (AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pAdminGrpSid))
1735	{
1736	# ifdef DEBUG
1737	char *pszAdminGrpSid = NULL;
1738	ConvertSidToStringSid(pAdminGrpSid, &pszAdminGrpSid);
1739	# endif
1740
1741	if ( !GetTokenInformation(hToken, TokenGroups, NULL, 0, &cb)
1742	&& GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1743	{
1744	PTOKEN_GROUPS pTokenGroups = (PTOKEN_GROUPS)RTMemAllocZ(cb);
1745	if (GetTokenInformation(hToken, TokenGroups, pTokenGroups, cb, &cb))
1746	{
1747	for (DWORD iGrp = 0; iGrp < pTokenGroups->GroupCount; iGrp++)
1748	{
1749	# ifdef DEBUG
1750	char *pszGrpSid = NULL;
1751	ConvertSidToStringSid(pTokenGroups->Groups[iGrp].Sid, &pszGrpSid);
1752	# endif
1753	if (EqualSid(pAdminGrpSid, pTokenGroups->Groups[iGrp].Sid))
1754	{
1755	/* That it's listed is enough I think, ignore attributes. */
1756	fIsAdmin = TRUE;
1757	break;
1758	}
1759	}
1760	}
1761	else
1762	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "GetTokenInformation(TokenGroups,cb) failed: %u (%#x)", GetLastError(), GetLastError());
1763	RTMemFree(pTokenGroups);
1764	}
1765	else
1766	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "GetTokenInformation(TokenGroups,0) failed: %u (%#x)", GetLastError(), GetLastError());
1767
1768	FreeSid(pAdminGrpSid);
1769	}
1770	else
1771	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "AllocateAndInitializeSid failed: %u (%#x)", GetLastError(), GetLastError());
1772	if (fIsAdmin)
1773	{
1774	/*
1775	* Check the integrity level (Vista / UAC).
1776	*/
1777	# define MY_SECURITY_MANDATORY_HIGH_RID 0x00003000L
1778	# define MY_TokenIntegrityLevel ((TOKEN_INFORMATION_CLASS)25)
1779	if ( !GetTokenInformation(hToken, MY_TokenIntegrityLevel, NULL, 0, &cb)
1780	&& GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1781	{
1782	PSID_AND_ATTRIBUTES pSidAndAttr = (PSID_AND_ATTRIBUTES)RTMemAlloc(cb);
1783	if (GetTokenInformation(hToken, MY_TokenIntegrityLevel, pSidAndAttr, cb, &cb))
1784	{
1785	DWORD dwIntegrityLevel = GetSidSubAuthority(pSidAndAttr->Sid, GetSidSubAuthorityCount(pSidAndAttr->Sid) - 1U);
1786
1787	if (dwIntegrityLevel >= MY_SECURITY_MANDATORY_HIGH_RID)
1788	*pfElevated = true;
1789	}
1790	else
1791	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "GetTokenInformation failed: %u (%#x)", GetLastError(), GetLastError());
1792	RTMemFree(pSidAndAttr);
1793	}
1794	else if ( GetLastError() == ERROR_INVALID_PARAMETER
1795	\|\| GetLastError() == ERROR_NOT_SUPPORTED)
1796	pfElevated = true; / Older Windows version. */
1797	else
1798	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "GetTokenInformation failed: %u (%#x)", GetLastError(), GetLastError());
1799	}
1800	else
1801	rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Membership in the Administrators group is required to perform this action");
1802
1803	CloseHandle(hToken);
1804	return rcExit;
1805
1806	# else
1807	/*
1808	* On Unixy systems, we check if the executable and the current user is
1809	* the same. This heuristic works fine for both hardened and development
1810	* builds.
1811	*/
1812	char szExecPath[RTPATH_MAX];
1813	if (RTProcGetExecutablePath(szExecPath, sizeof(szExecPath)) == NULL)
1814	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTProcGetExecutablePath failed");
1815
1816	RTFSOBJINFO ObjInfo;
1817	int vrc = RTPathQueryInfoEx(szExecPath, &ObjInfo, RTFSOBJATTRADD_UNIX, RTPATH_F_ON_LINK);
1818	if (RT_FAILURE(vrc))
1819	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTPathQueryInfoEx failed");
1820
1821	*pfElevated = ObjInfo.Attr.u.Unix.uid == geteuid()
1822	\|\| ObjInfo.Attr.u.Unix.uid == getuid();
1823	return RTEXITCODE_SUCCESS;
1824	# endif
1825	}
1826
1827	#endif /* WITH_ELEVATION */
1828
1829	int main(int argc, char **argv)
1830	{
1831	/*
1832	* Initialize IPRT and check that we're correctly installed.
1833	*/
1834	#ifdef RT_OS_WINDOWS
1835	int vrc = RTR3InitExe(argc, &argv, RTR3INIT_FLAGS_UTF8_ARGV); /* WinMain gives us UTF-8, see below. */
1836	#else
1837	int vrc = RTR3InitExe(argc, &argv, 0);
1838	#endif
1839	if (RT_FAILURE(vrc))
1840	return RTMsgInitFailure(vrc);
1841
1842	SUPR3HardenedVerifyInit();
1843	RTERRINFOSTATIC ErrInfo;
1844	RTErrInfoInitStatic(&ErrInfo);
1845	vrc = SUPR3HardenedVerifySelf(argv[0], true /fInternal/, &ErrInfo.Core);
1846	if (RT_FAILURE(vrc))
1847	return RTMsgErrorExit(RTEXITCODE_FAILURE, "%s", ErrInfo.Core.pszMsg);
1848
1849	/*
1850	* Elevation check.
1851	*/
1852	const char *pszDisplayInfoHack = NULL;
1853	RTEXITCODE rcExit;
1854	#ifdef WITH_ELEVATION
1855	bool fElevated;
1856	rcExit = ElevationCheck(&fElevated);
1857	if (rcExit != RTEXITCODE_SUCCESS)
1858	return rcExit;
1859	#endif
1860
1861	/*
1862	* Parse the top level arguments until we find a command.
1863	*/
1864	static const RTGETOPTDEF s_aOptions[] =
1865	{
1866	{ "install", CMD_INSTALL, RTGETOPT_REQ_NOTHING },
1867	{ "uninstall", CMD_UNINSTALL, RTGETOPT_REQ_NOTHING },
1868	{ "cleanup", CMD_CLEANUP, RTGETOPT_REQ_NOTHING },
1869	#ifdef WITH_ELEVATION
1870	{ "--elevated", OPT_ELEVATED, RTGETOPT_REQ_NOTHING },
1871	{ "--stdout", OPT_STDOUT, RTGETOPT_REQ_STRING },
1872	{ "--stderr", OPT_STDERR, RTGETOPT_REQ_STRING },
1873	#endif
1874	{ "--display-info-hack", OPT_DISP_INFO_HACK, RTGETOPT_REQ_STRING },
1875	};
1876	RTGETOPTSTATE GetState;
1877	vrc = RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, 0 /fFlags/);
1878	if (RT_FAILURE(vrc))
1879	return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc\n", vrc);
1880	for (;;)
1881	{
1882	RTGETOPTUNION ValueUnion;
1883	int ch = RTGetOpt(&GetState, &ValueUnion);
1884	switch (ch)
1885	{
1886	case 0:
1887	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "No command specified");
1888
1889	case CMD_INSTALL:
1890	case CMD_UNINSTALL:
1891	case CMD_CLEANUP:
1892	{
1893	#ifdef WITH_ELEVATION
1894	if (!fElevated)
1895	return RelaunchElevated(argc, argv, ch, pszDisplayInfoHack);
1896	#endif
1897	int cCmdargs = argc - GetState.iNext;
1898	char **papszCmdArgs = argv + GetState.iNext;
1899	switch (ch)
1900	{
1901	case CMD_INSTALL:
1902	rcExit = DoInstall( cCmdargs, papszCmdArgs);
1903	break;
1904	case CMD_UNINSTALL:
1905	rcExit = DoUninstall(cCmdargs, papszCmdArgs);
1906	break;
1907	case CMD_CLEANUP:
1908	rcExit = DoCleanup( cCmdargs, papszCmdArgs);
1909	break;
1910	default:
1911	AssertReleaseFailedReturn(RTEXITCODE_FAILURE);
1912	}
1913
1914	/*
1915	* Standard error should end with rcExit=RTEXITCODE_SUCCESS on
1916	* success since the exit code may otherwise get lost in the
1917	* process elevation fun.
1918	*/
1919	RTStrmFlush(g_pStdOut);
1920	RTStrmFlush(g_pStdErr);
1921	switch (rcExit)
1922	{
1923	case RTEXITCODE_SUCCESS:
1924	RTStrmPrintf(g_pStdErr, "rcExit=RTEXITCODE_SUCCESS\n");
1925	break;
1926	default:
1927	RTStrmPrintf(g_pStdErr, "rcExit=%d\n", rcExit);
1928	break;
1929	}
1930	RTStrmFlush(g_pStdErr);
1931	RTStrmFlush(g_pStdOut);
1932	return rcExit;
1933	}
1934
1935	#ifdef WITH_ELEVATION
1936	case OPT_ELEVATED:
1937	fElevated = true;
1938	break;
1939
1940	case OPT_STDERR:
1941	case OPT_STDOUT:
1942	{
1943	# ifdef RT_OS_WINDOWS
1944	PRTUTF16 pwszName = NULL;
1945	vrc = RTStrToUtf16(ValueUnion.psz, &pwszName);
1946	if (RT_FAILURE(vrc))
1947	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error converting '%s' to UTF-16: %Rrc\n", ValueUnion.psz, vrc);
1948	FILE *pFile = _wfreopen(pwszName, L"r+", ch == OPT_STDOUT ? stdout : stderr);
1949	RTUtf16Free(pwszName);
1950	# else
1951	FILE *pFile = freopen(ValueUnion.psz, "r+", ch == OPT_STDOUT ? stdout : stderr);
1952	# endif
1953	if (!pFile)
1954	{
1955	vrc = RTErrConvertFromErrno(errno);
1956	return RTMsgErrorExit(RTEXITCODE_FAILURE, "freopen on '%s': %Rrc", ValueUnion.psz, vrc);
1957	}
1958	break;
1959	}
1960	#endif
1961
1962	case OPT_DISP_INFO_HACK:
1963	if (pszDisplayInfoHack)
1964	return RTMsgErrorExit(RTEXITCODE_SYNTAX, "--display-info-hack shall only occur once");
1965	pszDisplayInfoHack = ValueUnion.psz;
1966	break;
1967
1968	case 'h':
1969	case 'V':
1970	return DoStandardOption(ch);
1971
1972	default:
1973	return RTGetOptPrintError(ch, &ValueUnion);
1974	}
1975	/* not currently reached */
1976	}
1977	/* not reached */
1978	}
1979
1980
1981	#ifdef RT_OS_WINDOWS
1982	extern "C" int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
1983	{
1984	g_hInstance = hInstance;
1985	NOREF(hPrevInstance); NOREF(nShowCmd); NOREF(lpCmdLine);
1986
1987	int vrc = RTR3InitExeNoArguments(0);
1988	if (RT_FAILURE(vrc))
1989	return RTMsgInitFailure(vrc);
1990
1991	LPWSTR pwszCmdLine = GetCommandLineW();
1992	if (!pwszCmdLine)
1993	return RTMsgErrorExit(RTEXITCODE_FAILURE, "GetCommandLineW failed");
1994
1995	char *pszCmdLine;
1996	vrc = RTUtf16ToUtf8(pwszCmdLine, &pszCmdLine); /* leaked */
1997	if (RT_FAILURE(vrc))
1998	return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to convert the command line: %Rrc", vrc);
1999
2000	int cArgs;
2001	char **papszArgs;
2002	vrc = RTGetOptArgvFromString(&papszArgs, &cArgs, pszCmdLine, RTGETOPTARGV_CNV_QUOTE_MS_CRT, NULL);
2003	if (RT_SUCCESS(vrc))
2004	{
2005	vrc = main(cArgs, papszArgs);
2006
2007	RTGetOptArgvFree(papszArgs);
2008	}
2009	else
2010	vrc = RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptArgvFromString failed: %Rrc", vrc);
2011	RTStrFree(pszCmdLine);
2012
2013	return vrc;
2014	}
2015	#endif
2016

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vbox/trunk/src/VBox/Main/src-helper-apps/VBoxExtPackHelperApp.cpp

Download in other formats: